Firefox Extensions – My Picks

Mozilla Firefox is a popular, free, open source web browser that is extremely configurable and easy to use. Somewhat bare out of the box however, its functionality is easily extended with add-ons, or extensions if you prefer, of which there are many thousands.

With so many add-ons, most of which are free, the casual user might be tempted to install a large number of them, however i would highly recommend installing only the add-ons you really like or need since the potential to break things and compromise browser security and your privacy increases with every add-on that is installed.

Another issue that should be considered is unethical add-on developers that sometimes package unwanted and unnecessary components which may include provisions for tracking your web activities or other behavior that is not relevant to the expected function of the add-on. Although Mozilla limits what an extension can do, user tracking and advertising is permitted and so i would highly recommend that you take the following precautions before installing any add-on:

Be very wary of any add-on which is packaged in the form of a tool-bar. Many/most of these contain 3rd party spyware components for the purpose of monetizing the add-on.

If an add-on has a privacy policy, read it. Some of these are fine but many are not, so be sure to read the privacy policy if one is available.

Read the Permissions to learn what capabilities the extension requires. Older add-ons which were not ported to WebExtensions are known as Legacy add-ons and may access all browser functions. Given a choice, i would suggest using WebExtension add-ons wherever possible and only those which require the permissions necessary to accomplish the functionality in order to do their job.

Don’t install an add-on when it’s first released. Mozilla uses an automated system to evaluate add-ons initially and, as of this writing, it is deeply flawed, so wait for a while before installing a newly released add-on as this will give Mozilla and the users time to better evaluate it.

Check the user reviews to see how well an add-on is liked and be wary if it is rated at 3 or less stars, or not rated at all. Even if the add-on is rated 4 or 5 stars, check the comments of the people that gave it the lowest rating to see if their gripe seems legitimate. Several highly popular add-ons contain unwanted functionality such as user profiling/tracking including Abduction, a screen capture utility; Quick Locale Switcher, a language switcher; FasterFox Lite, a largely useless utility which claims to speed-up Firefox; BlockSite, a content blocker; Google’s Search By Image, a reverse image search utility, and many others.

Check the developers profile to see what other add-ons they have created and how those are rated.

Visit the developer website if one is available and see what kind of content is there. Look for marketing hype and be wary of dot com domains.

Be weary of developers that provide neither a website where the source code is published nor a method to submit support requests. Most ethical developers will make their source code easy to find and provide a proper support platform, such as that offered by GitHub.

Lastly, keep your add-ons updated, but before doing so you should revisit its page at addons.mozilla.org, read the change-log and re-read the privacy policy. The problem here is that a developer may decide to monetize their work at any time, or even sell their extension to an unethical party. Ingo Wennemaring, who developed the once hugely popular All-in-One Sidebar add-on, warns about this in a blog post:

It was always very important for me to be honest and fair to the users. I had very good offers to sell the extension, but I didn’t want to see that AiOS turn into adware or spyware.

My favorite Firefox add-ons

There are a few very popular add-ons that are absent here, including NoScript, Adblock Plus (or Adblock Edge), Ghostery, etc.. While this may seem odd to some, the functionality offered by these extensions is largely covered by uBlock Origin and uMatrix. See my Firefox Configuration Guide for Privacy Freaks and Performance Buffs article for more information.

Regarding the Adobe Flash Player, i do not install the Flash extension since you can watch most videos without it and therefore i have no need to worry about the security and privacy risks associated with it. If you have trouble watching some videos without Flash, try the EmbedUpdater add-on below.

Not happy with the new Australis interface for Firefox? I don’t blame you, but if you want the latest gizmo’s and security fixes, you’re stuck with it. Unfortunately, yet another add-on is necessary to re-add the functionality that the wizards at Mozilla think you don’t need, and that add-on is Classic Theme Restorer. In addition to its many settings for manipulating the appearance of Firefox, CTR also makes is easy to disable some of the “features” which rely on 3rd party services, including the Hello and Pocket features.

Decentraleyes is a privacy enhancing add-on that has the additional benefit of decreasing the load time for many web pages. It does this by loading several common JavaScript resources locally instead of having to fetch them from the web server.

Could potentially break some web sites, though it is possible to white-list affected domains.

The highly configurable Easy Copy add-on provides the ability to copy various content, such as hyperlink text, page titles and their links, excerpts and more, in various formats. For example it makes it easy to copy both a page title and link which is formatted for posting on a forum.

While many popular video websites now serve video using the HTML5 format, many videos that are embedded on 3rd party sites do not. EmbedUpdater aims to solve that problem, thus reducing the need to have the ever-vulnerable Adobe Flash Player plug-in installed.

Flagfox is a neat utility that adds an icon to the address bar which represents the flag of the country in which the web server is located. When the icon is right-clicked, a context menu is revealed with many more tools, such as a WHOIS lookup, URL shortening services and more. You can also add your own services.

If you choose to display the menu icons, they are not stored locally and have to be fetched the first time you open the menu

Greasemonkey is for running user created scripts which are typically used to change how a website functions and/or looks. Some of the most popular scripts allow you to download videos from sites like YouTube, or enhance the functionality of sites like Facebook and Google. You can even find some proof of concept scripts for defeating CAPTCHA’s, though they don’t appear to be fully baked just yet. For a selection of scripts that i personally find useful, see the bottom of this page.

Installing user scripts is a security and stability risk! While this holds true for extensions as well, scripts are generally not scrutinized to the degree extensions are when download from Mozilla. Some sites that host scripts do not preform any security checks at all. Be sure to read the feedback from others, as well as the history of the developer, before installing any script.

Link Alert simply provides a visual indication of the target of a link when you hover your pointer over the link. Want to know if the link target is a PDF, EXE, audio or ZIP file? Want to know if the target is a new window, or a JavaScript link? Link Alert can do all this and more. You can also add your own link alerts.

Load from Cache simply forces resources to be loaded from cache when possible instead of re-fetching them. This helps with tracking and privacy, especially when the requested resource is from a CDN. Load from Cache is an install-it-and-forget-it add-on.

If you read a lot of syndicated feeds (RSS/ATOM) NewsFox is, in my opinion, the best extension for reading and managing your news feeds within Firefox, even given the caveats i have listed. It offers a lot of configuration options for reading, organizing and marking the status of feeds, and it has a clean, intuitive, customizable, 3 pane interface.

NewsFox can briefly hang the Firefox GUI while checking feeds. The problem worsens as more threads are enabled in the settings. I don’t like that you cannot create sub-folders within a folder.

Reverse Image Search can use either the TinEye or Google Images to help you find alternate versions of an image. Reverse image searching is a handy tool when trying to locate a better quality version of an image or when and where an image was first published.

A fork of the original ScrapBook extension, ScrapBook X is a very handy tool for storing and organizing scraps of text, web pages or images that you want to save. I use it often when i research subject matter, such as when i wrote the NPR article. You can import, combine and export your scrap book, including exporting as HTML. If you need more power, try Zotero.

Scroll Up Folder, a fairly nice little extension which makes it super simple to navigate within a domain by moving up or down the URL structure by hovering over the address bar and using your mouse wheel. For example, you can go from subdomain.example.com/dir/?=param1to any of the following:subdomain.example.com/dir/ subdomain.example.com example.comWhile there are several other add-ons that offer similar functionality, Smart Text is the only one i have found that a) does not require a toolbar/address bar button or context menu, b) segments URL parameters and c) handles sub-domains properly.

For some reason the author coded this extension so that it adds “www.” to the domain when navigating up to the root domain even when there is no “www.”, though i’ve never yet had any problems with this.

Search Site is a great little extension that adds another icon in the right side of the Search Bar that, when clicked, will search only the current website for your search terms. Though there are others like it, i particularly like the way it’s integrated. If another icon is too much for you, you can hide it and just use Ctrl+Enter instead.

Status-4-Evar restores the absent functionality of the status bar which was removed long ago, as well as adding some cool new toys. Even if you don’t use the status bar, Status-4-Evar is still very useful if you want to move browser elements, such as the pop-up of the hovered link address or network status, to another location. I use it primarily to move the link target to the address bar where it used to be.

The Archiver can both archive web pages and retrieve archived copies of archived pages using the Wayback Machine, Archive.is and WebCite. It is a handy tool for research, or if you just want to see what a previous version of a page looks like.

uBlock Origin is a superior content filter that replaces all other content/ad blockers for me, including Adblock Plus/Edge, NoScript, Policeman and several others. It is capable of using the same filter lists as Adblock Plus/Edge as well as many more that the others cannot use. Two of the most welcome differences with uBlock Origin is that it does not slow the loading time for Firefox to any noticeable degree and it uses less memory then the Adblock derivatives. Another major advantage over the other Adblock extensions is that it can block both 1st and 3rd party requests for images, scripts and frames. See my Firefox Configuration Guide for Privacy Freaks and Performance Buffs article for more information regarding uBlock Origin. Lastly, note that there are two versions of uBlock; uBlock and uBlock Origin. I highly recommend that you use uBlock Origin which is written by the original developer, Raymond Hill.

As with any content filtering extension, uBlock Origin has the potential to break website functionality until it is configured correctly

uMatrix, another very powerful content blocker also by Raymond Hill, is similar to uBlock Origin however it offers more granular control over blocking various resources including cookies, CSS, images, plug-ins, scripts, XHR, frames and more. In my case i use uBlock Origin as an install-it-and-forget-it solution for blocking ads and malware domains, while i use uMatrix to block the aforementioned resources. It is perfectly fine to use both together, but i would suggest reading my guide, Firefox Configuration Guide for Privacy Freaks and Performance Buffs, for information on how to properly configure them to get the most out of each one.

As with any content filtering extension, uMatrix has the potential to break website functionality until it is configured correctly

Greasemonkey scripts

Some Greasemonkey scripts which i find useful:

ViewTube – One of the better scripts for dealing with YouTube stupidity, this script prevents auto-play and allows you to view videos in a variety of formats, including HTML5 or by using an external player such as VLC. ViewTube also makes it easy to download video files in all of the various formats and levels of quality it can detect. ViewTube works with many video sharing sites other than YouTube and can be extended to work with even more using the ViewTube+ add-on which you can download from the home page.

In the privacy department, there are a few scripts written by members of the ghacksuserjs project which offers a security and privacy-centric user.js template to make Firefox and websites respect your privacy. Currently these scripts include Conceal history.length, Conceal window.name and Clear window.opener, all of which can be found in the User Scripts section of their wiki. To add these scripts to Greasemonkey, open about:addons in your browser and click the User Scripts heading. Now go to the wiki page and copy one of the scripts, then click New User Script… link at the top of the User Scripts settings page. A form will appear at the bottom of which should be a button labeled Use Script From Clipboard. After the script is pasted, a new window should display with the full script after which you can save it and you’re done.

Doing it without an add-on

Enhancing privacy and security

Smooth scrolling

See my Firefox Scroll Tweak tutorial for how to enable dynamic, silky smooth scrolling without using an extension.

Copying text without formatting

Sometimes you may want to copy text without the added HTML markup. While i am not aware of any way to do this without an extension, you can do the next best thing, which is paste the text without the formatting. To do this, simply paste using Ctrl+Shift+V instead of Ctrl+V. This works on Windows and Linux.

Removing the Firefox window title-bar on Linux, KDE

Giving back

If you like an add-on, or any other free software, please donate to the developer. Trust me when i tell you that most developers of free software usually receive nothing, or next to nothing for all their hours of hard work and the support they provide. Developers are usually very appreciative of a donation regardless of how small it may be.

in the interest of privacy, i would personally recommend against doing this unless you’re going to use your own server, unless you find a service with a strong privacy policy and will encrypt your data

fingerprinting by analyzing keystroke timings doesn’t sound like a far-fetched idea, but this attack relies on JavaScript which means it wouldn’t work for sites where JS is disabled (and it should be disabled globally by default in my opinion)

also, unless the extension randomizes the dwell and gap times, i would think that its effectiveness would be very limited since your dwell and gap times are now perfectly consistent and therefore quite unique assuming that few people use the extension (currently only 20 for Firefox), however even if a lot of people used it, you could still be easily fingerprinted if you set the timings to something other than the defaults – assuming the min and max values are 0 to 99, and assuming i’m calculating correctly, that allows for 9800 unique possibilities (excluding the default of 50-50) and if the max were 999, then 998,000 possibilities (excluding the default of 50-50)

even given the above, i’m not sure it’s a bad thing, but i think you would really want to change the dwell-gap times once in a while

I last posted here on 6/6/15 (above). Awhile ago, when the switch to semi-mandatory Signed extensions came along, many developers (such as for the excellent ‘DownThemAll’) started making noises about dropping out entirely. However, it turned out that we users still had the option of circumventing this issue via a setting in About:Config.

I don’t know how many of you are aware of it, but there is an even bigger sea change fast approaching, and it looks to be HUGE. Check out the following:

So, if you didn’t know before now you do, and won’t be shocked when this occurs. A whole lot of our favorite extensions may simply be going away, for good. Some very major ones like Greasemonkey may avoid that, adapting with special updates. I don’t know what the implications may be for various scripts we may be running under GM . . . .

If you have some encouraging words to add — maybe some positive details that have not yet come to light — I’d be very glad to read them.

So to clarify, for the Clean Links addon, Event Delegation Mode is purely cosmetics and enabling/disabling it doesn’t affect the fact that links will always be cleaned when entered into the browser or clicked to go to that page? Is the only reason they want to disable it is that you want to see the clean version of links just because it looks nicer? Lastly, were you able to convert the garbage fields from Pure-URL addon to rules for Clean Links and if so, can you share them?

actually the DOM traversal mode is cosmetic because it allows you to see what links are rewritten before clicking on them, but yes, basically you are right in that links are cleaned in either mode, however Event Delegation Mode is recommended by the dev

i haven’t bothered incorporating the Pure URL garbage fields and, so far, haven’t seen a need to

I noticed that you recommended Shim Storage, then it was replaced with HTTP UserAgent, which was eventually dropped because development was abandoned. Do you still use Shim Storage? If not, how do manage DOM storage (if you bother)? For example, uMatrix clears DOM storage of the webpage if the cookies was blocked, but if it isn’t the storage is created–do you simply let it persist throughout the session? I don’t feel comfortable with that (I have cookies and cache deleted every 30 minutes), but haven’t found a way to clear DOM storage throughout the session.

I’m also interested in the specifics of your Clean Links settings–do you mind posting a full screenshot of it? I’m not technical or patient enough to personalize my own settings and it would help a lot if I can use your specific configuration and then remove or add things as needed if things break for me (couldn’t find much information of other people’s configurations because it doesn’t seem to be a popular addon). Have you configured it to at least replace the defaults of Pure-URL addon?

hi Yuri – no, i don’t use Shim Storage and actually development has been resumed on HTTPUserAgent Cleaner (now http-useragent-cleaner – same developer) – although i think this extension is a worthwhile addition, there’s 3 reasons i’m no longer using it; 1), i wrote the English manual for it and found it very difficult (to put it mildly) to work with the dev because of the language barrier (he can barely understand/write EN) and his lack of helpfulness in providing answers to questions, 2), because it’s yet another extension that people will have to fiddle with when something breaks and 3), given the capability of uMatrix and the other add-ons listed here, i think it’s usefulness is somewhat limited, particularly as far as spoofing certain system and browser details – for example, spoofing your display/browser resolution will often render a page that will look horrible

regarding uMatrix and DOM storage, i disallow cookies by default (as per the guide) and only allow them for the few domains i visit were they are actually needed – all of this is dumped when the browser exits as per my settings privacy.clearOnShutdown.* – so no, i don’t clear at regular intervals, but i will occasionally do a manual clear with the built-in history manager (selected are: cookies, cache, active logins, offline website data and site preferences)

regarding Clean Links, the default settings are OK – the only real thing to be aware of is whether you enable Event Delegation Mode (it is enabled by default) – if you do not enable it, then you can take advantage of real-time link highlighting which i much prefer, however the dev has told me that the code driving this mode is not maintained, so i use the default mode (i’m trying to persuade him to work on this) – Redirect Watcher, HTTP Observer, CopyLink Controller and Link Tracking are also enabled

Highlight Cleaned Links, Highlight Style and Replay Delay are all either of limited use or not used at all when running in Event Delegation Mode

i think it is important to understand how to add strings to the Remove From Links regular expression, as well as what to look for in a URL that can be removed – unfortunately, learning regular expressions will present a lot more hassle than it’s worth for the average user and so i’d like to see a UI incorporated for building them where no knowledge of RegEx is necessary

Can you share your complete settings (screenshot would be easier) for Clean Links addon? I used to use your recommendation of Pure-URL with its default settings because I haven’t had the time or knowledge to configure it to find a good balance between privacy and usability and apparently Clean Links is better than Pure-URL in every way. Cheers.

i have event delegation mode enabled – all of the rest is personal preference

so event delegation mode means that links are not rewritten (cleaned) when the page loads, but rather only when you actually click on a link that needs to be rewritten

i much prefer the other mode, but the developer says the code driving it is not maintained – the non-event mode rewrites links at page load time and therefore you can make use of the CSS (highlight style) to give a visual cue as to what links on the page were rewritten

For some time now, I’ve been using these Greasemonkey scripts: Anti-Adblock Killer 8.1, AdsBypasser 5.24.0 (gets around the very annoying Ad.fly, Linkbucks, etc. pages), and Ad Host Cleaner 1.3.4 — the last version I could find of this. Its motto was “Bye Bye Download Accelerator/Manager”, and for awhile it thwarted file hosts that wanted to force you to accept an .Exe file version each time, rather than a standard .Rar piece of an archive. Of course, this is very bad practice, easily giving a free ride to malware or who knows what. However, Ad Host Cleaner seems to no longer be effective. I was hoping you might know of some later script or extension (for FireFox or for Chrome) that still provides control over this ?

hi Gene i do not know of an extension for bypassing the garbage at download sites specifically, but i’m sure that some exist – go to the Mozilla Add-ons site and search for “skip” or “bypass” along with “downloads” – i know i have seen some and even used one at one point, but i cannot recall the names